RTO for critical application
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer: There is no standard or default Recovery Time Objective (RTO) that can be attributed to an application, because the RTO value is based on the results of a Business Impact Analysis (BIA), which is unique for each organization context. The definition of RTO can be made by the person responsible by the application, considering the inputs of interested parties impacted by a disruption on application operation (e.g., customers, regulators, etc.), and it is approved by top management.
These materials will provide you further explanation about RTO and BIA :
- What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/
- Implementing Business Impact Analysis according to ISO 22301 [free webi nar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
Comment as guest or Sign in
Feb 24, 2018